We have a slightly different issue- and Cisco TAC is blaming two bugs- one in controllers (too many RADIUS starts in accounting) and one in ACS (we use 3.3.3, but the bug is on newer versions as well). We are seeing 4-7 RADIUS accounting starts per single user authentication. Is more overwhelming our NAC solution occasionally as we trigger off of these starts. But- the ACS boxes do very well despite this (we see 5800+ simultaneous users on 1850 access points on our 802.1x network, PEAP w/ MS-CHAP v2, TKIP- simple "if you are in AD, you pass" with no vlan steering).
Given that the controllers are sourcing these RADIUS packets, not sure if moving to a different RADIUS server would make a difference. All in all- ACS has been rock solid and reliable. WiSM code? Well, that's another story from time to time. Lee -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Hector J Rios Sent: Wed 9/24/2008 3:28 PM To: [email protected] Subject: [WIRELESS-LAN] ACS issues... This semester we have seen in the ACS Passed Authentication Logs a lot of users passing multiple successful authentications, along with a good chunk of failed attempts also. So much so that our too auth servers are being overwhelmed. We use Cisco WiSMs (4.2.130.0) with lightweight APs and ACS v4.2 Build 124. Anybody having similar issues? Thanks, Hector Rios Louisiana State University ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
